Protecting NFC data exchange against eavesdropping with encryption record type definition

• Published in: IEEE/IFIP Network Operations and Management Symposium pp. 577 - 583
• Main Authors: Hameed, Sufian, Jamali, Usman Murad, Samad, Adnan
• Format: Conference Proceeding Journal Article
• Language: English
• Published: IEEE 01.04.2016
• Subjects: Data exchange; Eavesdropping; Encryption; Encryption Record; Mathematical models; Middleware; Near field communication; NFC Encryption; NFC Security; Payloads; Security; Tag Confidentiality; Weight reduction
• ISSN: 2374-9709
• DOI: 10.1109/NOMS.2016.7502861

Near Field Communication (NFC) is inherently vulnerable to eavesdropping and proximity hijacking attacks. NFC standards itself lack built-in security features against eavesdropping for all the modes of communication in NFC-ecosystem. This drives the application developers to implement customize security features on their own. These non-standard solutions in turn result in the system's security against vulnerabilities being subject to the developer's capability of designing a secure solution. Clearly, this model is a limiting factor in the widespread adoption and deployment of NFC applications. In this paper we propose a standard Encryption Record Type Definition (ERTD) to provide confidentiality to NFC Data Exchange format (NDEF). Subsequently, we develop a fully compliant prototype of our ERTD as a lightweight plug and play confidentiality middleware in the existing NFC communication architecture. Finally, we perform an in-depth performance evaluation, of different confidentiality related primitives that focuses on processing latency and data overheads.